Merge pull request #258 from ebarriosjr/feature/Include-vault-token-i…

…n-deployment Feature/include vault token in deployment
hashicorp · Dec 14, 2018 · cc275cb · cc275cb
2 parents e556b35 + b16450c
commit cc275cb
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/command/deploy.go b/command/deploy.go
@@ -46,7 +46,7 @@ General Options:
   -canary-auto-promote=<seconds>
     The time in seconds, after which Levant will auto-promote a canary job
     if all canaries within the deployment are healthy.
-		
+
   -consul-address=<addr>
     The Consul host and port to use when making Consul KeyValue lookups for
     template rendering.
@@ -65,6 +65,14 @@ General Options:
     can be changed using this flag so that Levant will exit cleanly ensuring CD
     pipelines don't fail when no changes are detected.
 
+  -vault
+    This flag makes levant load the vault token from the current ENV.
+    It can not be used at the same time than -vault-token=<vault-token> flag
+
+  -vault-token=<vault-token>
+    The vault token used to deploy the application to nomad with vault support
+    This flag can not be used at the same time than -vault flag
+
   -log-level=<level>
     Specify the verbosity level of Levant's logs. Valid values include DEBUG,
     INFO, and WARN, in decreasing order of verbosity. The default is INFO.
@@ -111,6 +119,9 @@ func (c *DeployCommand) Run(args []string) int {
 	flags.BoolVar(&config.Plan.IgnoreNoChanges, "ignore-no-changes", false, "")
 	flags.StringVar(&level, "log-level", "INFO", "")
 	flags.StringVar(&format, "log-format", "HUMAN", "")
+	flags.StringVar(&config.Deploy.VaultToken, "vault-token", "", "")
+	flags.BoolVar(&config.Deploy.EnvVault, "vault", false, "")
+
 	flags.Var((*helper.FlagStringSlice)(&config.Template.VariableFiles), "var-file", "")
 
 	if err = flags.Parse(args); err != nil {
@@ -119,6 +130,12 @@ func (c *DeployCommand) Run(args []string) int {
 
 	args = flags.Args()
 
+	if config.Deploy.EnvVault == true && config.Deploy.VaultToken != "" {
+		c.UI.Error(c.Help())
+		c.UI.Error("\nERROR: Can not used -vault and -vault-token flag at the same time")
+		return 1
+	}
+
 	if err = logging.SetupLogger(level, format); err != nil {
 		c.UI.Error(err.Error())
 		return 1

diff --git a/levant/deploy.go b/levant/deploy.go
@@ -2,6 +2,7 @@ package levant
 
 import (
 	"fmt"
+	"os"
 	"strings"
 	"time"
 
@@ -32,6 +33,9 @@ type DeployConfig struct {
 func newLevantDeployment(config *DeployConfig, nomadClient *nomad.Client) (*levantDeployment, error) {
 
 	var err error
+	if config.Deploy.EnvVault == true {
+		config.Deploy.VaultToken = os.Getenv("VAULT_TOKEN")
+	}
 
 	dep := &levantDeployment{}
 	dep.config = config
@@ -110,6 +114,8 @@ func (l *levantDeployment) deploy() (success bool) {
 
 	log.Info().Msgf("levant/deploy: triggering a deployment")
 
+	l.config.Template.Job.VaultToken = &l.config.Deploy.VaultToken
+
 	eval, _, err := l.nomad.Jobs().Register(l.config.Template.Job, nil)
 	if err != nil {
 		log.Error().Err(err).Msg("levant/deploy: unable to register job with Nomad")

diff --git a/levant/structs/config.go b/levant/structs/config.go
@@ -34,6 +34,13 @@ type DeployConfig struct {
 	// ForceCount is a boolean flag that can be used to ignore running job counts
 	// and force the count based on the rendered job file.
 	ForceCount bool
+
+	// VaultToken is a string with the vault token.
+	VaultToken string
+
+	// EnvVault is a boolean flag that can be used to enable reading the VAULT_TOKEN
+	// from the enviromment.
+	EnvVault bool
 }
 
 // ClientConfig is the config struct which houses all the information needed to connect